Security policy for apps on the platform. Used to identify (authenticate) an app that is attempting to access an API, to make sure the app is authorized. This policy type supports multiple mechanisms for the app to present its identity, including plain text App ID, signed header with X.509 certificate, or shared secret.

Provides basic auditing of messages. Message metrics are recorded in the Policy Manager Usage Logs Monitoring tab. The request and response messages are not logged. If auditing of individual messages is needed, use the DetailedAuditing policy.

Additional Operational Policies Available in Policy Manager

Policy Name

Description

CORSAllowAll

CORS (cross-origin resource sharing) enables users to access resources from within the browser serving a web page, and defines a way in which the browser and the server can interact to determine whether or not to allow the cross-origin request.

Used to inspect the HTTP messages for content that could be considered dangerous to an API or web service, and to reject the message returning a fault if any of the defined expressions match the content.

The Paging Policy is designed to allow a client to get only a subset of a list-based response. For example, if an operation is returning a list of books, and the full list is 1000 books, the client may wish to only have 100 books be returned at a time.

Performs schema validation. A common integration problem in a service-oriented architecture occurs when consumers send messages to services that don’t conform to the services' message schemas. Typically this is caused by the versioning of a service’s schema, and a consumer sending a message that conforms to a prior schema version. It can also be a consumer’s malicious attempt to cause a denial of service by sending invalid messages to a service. An SOA Container can aid by validating the messages exchanged between the consumers and services against the service’s published schema.

Supports Transaction Tracking functionality that correlates related web service events within a single activity or transaction. For example, if a service in a Container uses the Akana Delegate to call another service in a different container that is managed by the Akana Agent, it will automatically insert correlation information into the message that is collected and used by Policy Manager to collect tracking and log information.

Additional Service-Level Policies Available in Policy Manager

Defines conditions for measuring and reporting performance of a specific contract. Each policy is composed of a "Rule" and "Access Interval." Rules represent the conditions you define to measure and report performance of a service contract. When a defined system condition matches a defined rule, an alert is raised.

Policy Name

Description

Bandwidth Quota Policy

Allows you to configure the bandwidth cap (i.e., quota) that a consumer can upload or download at any given time. The bandwidth cap can be specified as kilobytes or megabytes per second. If the quota is exceeded, the runtime will throttle the traffic to conform to the quota policy. The quota is also assigned to either the request (upload) or response (download). No alerts are generated for this policy since the bandwidth consumed is a function of the network speed and capabilities of the service provider, not the consumer.

Category: QoS (Quality of Service Policy)

Script Policy

Allows you to update a policy defined using the BeanShell or Jython scripting languages. A series of predefined functions and variables are provided that allow you to build a custom policy expression that is evaluated at runtime. Several sample scripts are also provided that illustrate common quota management activities.

Category: QoS (Quality of Service Policy)

Service Level Enforcement

The Service Level Enforcement Policy is a Quality of Service (QoS) policy that allows you to enable and configure the error message returned to the consumer when their SLA is violated.

This policy works in conjunction with a Service-Level Policy and only applies to the following Service-Level rules: "Usage Count," "Total Request Message Size," and "Total Response Message Size."

You define a Service-Level Policy and specify each service level condition and alert code, then you define a Service Level Enforcement Policy and specify the error message you would like displayed when a specified service level condition is violated.

Category: QoS (Quality of Service Policy)

Throughput Quota Policy

Allows you to monitor web service throughput performance by specifying a throughput limit (quota), queue size, and configuring fault and alert notifications.

If the quota is exceeded, a consumer fault message will be returned to the service consumer and an alert will be logged.

Category: QoS (Quality of Service Policy)

Timeout Policy

Allows you to configure the timeout for each request and specify a custom fault error message that is returned to the client.

Category: QoS (Quality of Service Policy)

Concurrency Quota Policy

Allows you to monitor web service concurrency performance by specifying a concurrency limit (quota) that represents the maximum number of concurrent connections, and configuring fault and alert notifications.

If the specified concurrency limit is exceeded, Policy Manager will return a fault and send an alert.